diff --git a/packages/@aws-cdk/aws-events-targets/lib/util.ts b/packages/@aws-cdk/aws-events-targets/lib/util.ts index ddcd83adb5f1b..41a5ab110d3b9 100644 --- a/packages/@aws-cdk/aws-events-targets/lib/util.ts +++ b/packages/@aws-cdk/aws-events-targets/lib/util.ts @@ -1,7 +1,7 @@ import * as events from '@aws-cdk/aws-events'; import * as iam from '@aws-cdk/aws-iam'; import * as lambda from '@aws-cdk/aws-lambda'; -import { Construct, IConstruct } from '@aws-cdk/core'; +import { Construct, ConstructNode, IConstruct } from '@aws-cdk/core'; /** * Obtain the Role for the EventBridge event @@ -27,9 +27,18 @@ export function singletonEventRole(scope: IConstruct, policyStatements: iam.Poli * Allows a Lambda function to be called from a rule */ export function addLambdaPermission(rule: events.IRule, handler: lambda.IFunction): void { + let scope: Construct | undefined; + let node: ConstructNode = handler.permissionsNode; + if (rule instanceof Construct) { + // Place the Permission resource in the same stack as Rule rather than the Function + // This is to reduce circular dependency when the lambda handler and the rule are across stacks. + scope = rule; + node = rule.node; + } const permissionId = `AllowEventRule${rule.node.uniqueId}`; - if (!handler.permissionsNode.tryFindChild(permissionId)) { + if (!node.tryFindChild(permissionId)) { handler.addPermission(permissionId, { + scope, action: 'lambda:InvokeFunction', principal: new iam.ServicePrincipal('events.amazonaws.com'), sourceArn: rule.ruleArn, diff --git a/packages/@aws-cdk/aws-events-targets/test/aws-api/integ.aws-api.expected.json b/packages/@aws-cdk/aws-events-targets/test/aws-api/integ.aws-api.expected.json index 5d4b2eaedfcb2..031c41c4e954c 100644 --- a/packages/@aws-cdk/aws-events-targets/test/aws-api/integ.aws-api.expected.json +++ b/packages/@aws-cdk/aws-events-targets/test/aws-api/integ.aws-api.expected.json @@ -29,6 +29,25 @@ ] } }, + "ScheduleRuleAllowEventRuleawscdkawsapitargetintegScheduleRule51140722763E20C1": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "AWSb4cf1abd4e4f4bc699441af7ccd9ec371511E620", + "Arn" + ] + }, + "Principal": "events.amazonaws.com", + "SourceArn": { + "Fn::GetAtt": [ + "ScheduleRuleDA5BD877", + "Arn" + ] + } + } + }, "AWSb4cf1abd4e4f4bc699441af7ccd9ec37ServiceRole9FFE9C50": { "Type": "AWS::IAM::Role", "Properties": { @@ -146,44 +165,6 @@ "AWSb4cf1abd4e4f4bc699441af7ccd9ec37ServiceRole9FFE9C50" ] }, - "AWSb4cf1abd4e4f4bc699441af7ccd9ec37AllowEventRuleawscdkawsapitargetintegScheduleRule511407226CC02048": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ - "AWSb4cf1abd4e4f4bc699441af7ccd9ec371511E620", - "Arn" - ] - }, - "Principal": "events.amazonaws.com", - "SourceArn": { - "Fn::GetAtt": [ - "ScheduleRuleDA5BD877", - "Arn" - ] - } - } - }, - "AWSb4cf1abd4e4f4bc699441af7ccd9ec37AllowEventRuleawscdkawsapitargetintegPatternRule3D38858113E3D24D": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ - "AWSb4cf1abd4e4f4bc699441af7ccd9ec371511E620", - "Arn" - ] - }, - "Principal": "events.amazonaws.com", - "SourceArn": { - "Fn::GetAtt": [ - "PatternRule4AF6D328", - "Arn" - ] - } - } - }, "PatternRule4AF6D328": { "Type": "AWS::Events::Rule", "Properties": { @@ -216,6 +197,25 @@ } ] } + }, + "PatternRuleAllowEventRuleawscdkawsapitargetintegPatternRule3D388581AA4F776B": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "AWSb4cf1abd4e4f4bc699441af7ccd9ec371511E620", + "Arn" + ] + }, + "Principal": "events.amazonaws.com", + "SourceArn": { + "Fn::GetAtt": [ + "PatternRule4AF6D328", + "Arn" + ] + } + } } }, "Parameters": { @@ -232,4 +232,4 @@ "Description": "Artifact hash for asset \"4e52413f31cff0a335f5083fa6197a6cb61928644842d89026c42c2d2a98342e\"" } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-events-targets/test/lambda/integ.events.expected.json b/packages/@aws-cdk/aws-events-targets/test/lambda/integ.events.expected.json index 320b77d6d9795..aad7c05f0bd5f 100644 --- a/packages/@aws-cdk/aws-events-targets/test/lambda/integ.events.expected.json +++ b/packages/@aws-cdk/aws-events-targets/test/lambda/integ.events.expected.json @@ -50,26 +50,25 @@ "MyFuncServiceRole54065130" ] }, - "MyFuncAllowEventRulelambdaeventsTimer0E6AB6D8E3B334A3": { - "Type": "AWS::Lambda::Permission", + "TimerBF6F831F": { + "Type": "AWS::Events::Rule", "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ - "MyFunc8A243A2C", - "Arn" - ] - }, - "Principal": "events.amazonaws.com", - "SourceArn": { - "Fn::GetAtt": [ - "TimerBF6F831F", - "Arn" - ] - } + "ScheduleExpression": "rate(1 minute)", + "State": "ENABLED", + "Targets": [ + { + "Arn": { + "Fn::GetAtt": [ + "MyFunc8A243A2C", + "Arn" + ] + }, + "Id": "Target0" + } + ] } }, - "MyFuncAllowEventRulelambdaeventsTimer27F866A1E0669C645": { + "TimerAllowEventRulelambdaeventsTimer0E6AB6D890F582F4": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", @@ -82,16 +81,16 @@ "Principal": "events.amazonaws.com", "SourceArn": { "Fn::GetAtt": [ - "Timer2B6F162E9", + "TimerBF6F831F", "Arn" ] } } }, - "TimerBF6F831F": { + "Timer2B6F162E9": { "Type": "AWS::Events::Rule", "Properties": { - "ScheduleExpression": "rate(1 minute)", + "ScheduleExpression": "rate(2 minutes)", "State": "ENABLED", "Targets": [ { @@ -106,22 +105,23 @@ ] } }, - "Timer2B6F162E9": { - "Type": "AWS::Events::Rule", + "Timer2AllowEventRulelambdaeventsTimer27F866A1E50659689": { + "Type": "AWS::Lambda::Permission", "Properties": { - "ScheduleExpression": "rate(2 minutes)", - "State": "ENABLED", - "Targets": [ - { - "Arn": { - "Fn::GetAtt": [ - "MyFunc8A243A2C", - "Arn" - ] - }, - "Id": "Target0" - } - ] + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "MyFunc8A243A2C", + "Arn" + ] + }, + "Principal": "events.amazonaws.com", + "SourceArn": { + "Fn::GetAtt": [ + "Timer2B6F162E9", + "Arn" + ] + } } } } diff --git a/packages/@aws-cdk/aws-events-targets/test/lambda/lambda.test.ts b/packages/@aws-cdk/aws-events-targets/test/lambda/lambda.test.ts index ff171b6ee5a80..28df0932c9ba4 100644 --- a/packages/@aws-cdk/aws-events-targets/test/lambda/lambda.test.ts +++ b/packages/@aws-cdk/aws-events-targets/test/lambda/lambda.test.ts @@ -1,4 +1,4 @@ -import { countResources, expect, haveResource } from '@aws-cdk/assert'; +import '@aws-cdk/assert/jest'; import * as events from '@aws-cdk/aws-events'; import * as lambda from '@aws-cdk/aws-lambda'; import * as cdk from '@aws-cdk/core'; @@ -23,7 +23,7 @@ test('use lambda as an event rule target', () => { // THEN const lambdaId = 'MyLambdaCCE802FB'; - expect(stack).to(haveResource('AWS::Lambda::Permission', { + expect(stack).toHaveResource('AWS::Lambda::Permission', { Action: 'lambda:InvokeFunction', FunctionName: { 'Fn::GetAtt': [ @@ -33,9 +33,9 @@ test('use lambda as an event rule target', () => { }, Principal: 'events.amazonaws.com', SourceArn: { 'Fn::GetAtt': ['Rule4C995B7F', 'Arn'] }, - })); + }); - expect(stack).to(haveResource('AWS::Lambda::Permission', { + expect(stack).toHaveResource('AWS::Lambda::Permission', { Action: 'lambda:InvokeFunction', FunctionName: { 'Fn::GetAtt': [ @@ -45,17 +45,17 @@ test('use lambda as an event rule target', () => { }, Principal: 'events.amazonaws.com', SourceArn: { 'Fn::GetAtt': ['Rule270732244', 'Arn'] }, - })); + }); - expect(stack).to(countResources('AWS::Events::Rule', 2)); - expect(stack).to(haveResource('AWS::Events::Rule', { + expect(stack).toCountResources('AWS::Events::Rule', 2); + expect(stack).toHaveResource('AWS::Events::Rule', { Targets: [ { Arn: { 'Fn::GetAtt': [lambdaId, 'Arn'] }, Id: 'Target0', }, ], - })); + }); }); test('adding same lambda function as target mutiple times creates permission only once', () => { @@ -75,7 +75,7 @@ test('adding same lambda function as target mutiple times creates permission onl })); // THEN - expect(stack).to(countResources('AWS::Lambda::Permission', 1)); + expect(stack).toCountResources('AWS::Lambda::Permission', 1); }); test('adding same singleton lambda function as target mutiple times creates permission only once', () => { @@ -100,7 +100,30 @@ test('adding same singleton lambda function as target mutiple times creates perm })); // THEN - expect(stack).to(countResources('AWS::Lambda::Permission', 1)); + expect(stack).toCountResources('AWS::Lambda::Permission', 1); +}); + +test('lambda handler and cloudwatch event across stacks', () => { + // GIVEN + const app = new cdk.App(); + const lambdaStack = new cdk.Stack(app, 'LambdaStack'); + + const fn = new lambda.Function(lambdaStack, 'MyLambda', { + code: new lambda.InlineCode('foo'), + handler: 'bar', + runtime: lambda.Runtime.PYTHON_2_7, + }); + + const eventStack = new cdk.Stack(app, 'EventStack'); + new events.Rule(eventStack, 'Rule', { + schedule: events.Schedule.rate(cdk.Duration.minutes(1)), + targets: [new targets.LambdaFunction(fn)], + }); + + expect(() => app.synth()).not.toThrow(); + + // the Permission resource should be in the event stack + expect(eventStack).toCountResources('AWS::Lambda::Permission', 1); }); function newTestLambda(scope: constructs.Construct) { diff --git a/packages/@aws-cdk/aws-lambda-destinations/test/integ.lambda-chain.expected.json b/packages/@aws-cdk/aws-lambda-destinations/test/integ.lambda-chain.expected.json index 851224d90d2f4..f8f6f78713d64 100644 --- a/packages/@aws-cdk/aws-lambda-destinations/test/integ.lambda-chain.expected.json +++ b/packages/@aws-cdk/aws-lambda-destinations/test/integ.lambda-chain.expected.json @@ -114,6 +114,25 @@ ] } }, + "FirstEventInvokeConfigFailureAllowEventRuleawscdklambdachainFirstEventInvokeConfigFailure7180F42FA8F1F1F0": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "ErrorD9F0B79D", + "Arn" + ] + }, + "Principal": "events.amazonaws.com", + "SourceArn": { + "Fn::GetAtt": [ + "FirstEventInvokeConfigFailureA1E005BC", + "Arn" + ] + } + } + }, "FirstEventInvokeConfigSuccess865FF6FF": { "Type": "AWS::Events::Rule", "Properties": { @@ -156,6 +175,25 @@ ] } }, + "FirstEventInvokeConfigSuccessAllowEventRuleawscdklambdachainFirstEventInvokeConfigSuccess2DCAE39FC2495AB7": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "Second394350F9", + "Arn" + ] + }, + "Principal": "events.amazonaws.com", + "SourceArn": { + "Fn::GetAtt": [ + "FirstEventInvokeConfigSuccess865FF6FF", + "Arn" + ] + } + } + }, "FirstEventInvokeConfig7DE6209E": { "Type": "AWS::Lambda::EventInvokeConfig", "Properties": { @@ -284,25 +322,6 @@ "SecondServiceRole55940A31" ] }, - "SecondAllowEventRuleawscdklambdachainFirstEventInvokeConfigSuccess2DCAE39F08E88C92": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ - "Second394350F9", - "Arn" - ] - }, - "Principal": "events.amazonaws.com", - "SourceArn": { - "Fn::GetAtt": [ - "FirstEventInvokeConfigSuccess865FF6FF", - "Arn" - ] - } - } - }, "SecondEventInvokeConfigSuccess53614893": { "Type": "AWS::Events::Rule", "Properties": { @@ -345,6 +364,25 @@ ] } }, + "SecondEventInvokeConfigSuccessAllowEventRuleawscdklambdachainSecondEventInvokeConfigSuccess2078CDC9C7FB9F61": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "Third1125870F", + "Arn" + ] + }, + "Principal": "events.amazonaws.com", + "SourceArn": { + "Fn::GetAtt": [ + "SecondEventInvokeConfigSuccess53614893", + "Arn" + ] + } + } + }, "SecondEventInvokeConfig3F9DE36C": { "Type": "AWS::Lambda::EventInvokeConfig", "Properties": { @@ -428,25 +466,6 @@ "ThirdServiceRole42701801" ] }, - "ThirdAllowEventRuleawscdklambdachainSecondEventInvokeConfigSuccess2078CDC9C6C3FA25": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ - "Third1125870F", - "Arn" - ] - }, - "Principal": "events.amazonaws.com", - "SourceArn": { - "Fn::GetAtt": [ - "SecondEventInvokeConfigSuccess53614893", - "Arn" - ] - } - } - }, "ErrorServiceRoleCE484966": { "Type": "AWS::IAM::Role", "Properties": { @@ -496,25 +515,6 @@ "DependsOn": [ "ErrorServiceRoleCE484966" ] - }, - "ErrorAllowEventRuleawscdklambdachainFirstEventInvokeConfigFailure7180F42F0285281B": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ - "ErrorD9F0B79D", - "Arn" - ] - }, - "Principal": "events.amazonaws.com", - "SourceArn": { - "Fn::GetAtt": [ - "FirstEventInvokeConfigFailureA1E005BC", - "Arn" - ] - } - } } }, "Outputs": { diff --git a/packages/@aws-cdk/aws-rds/test/integ.instance.lit.expected.json b/packages/@aws-cdk/aws-rds/test/integ.instance.lit.expected.json index 27c2eed74ca17..9952517f5e00e 100644 --- a/packages/@aws-cdk/aws-rds/test/integ.instance.lit.expected.json +++ b/packages/@aws-cdk/aws-rds/test/integ.instance.lit.expected.json @@ -908,6 +908,25 @@ ] } }, + "InstanceAvailabilityAllowEventRuleawscdkrdsinstanceInstanceAvailabilityCE39A6A7B066AA0D": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "Function76856677", + "Arn" + ] + }, + "Principal": "events.amazonaws.com", + "SourceArn": { + "Fn::GetAtt": [ + "InstanceAvailabilityAD5D452C", + "Arn" + ] + } + } + }, "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB": { "Type": "AWS::IAM::Role", "Properties": { @@ -970,7 +989,7 @@ "Runtime": "nodejs10.x", "Code": { "S3Bucket": { - "Ref": "AssetParameters74a1cab76f5603c5e27101cb3809d8745c50f708b0f4b497ed0910eb533d437bS3Bucket48EF98C9" + "Ref": "AssetParameters884431e2bc651d2b61bd699a29dc9684b0f66911f06bd3ed0635f854bf18e147S3BucketAE1150B3" }, "S3Key": { "Fn::Join": [ @@ -983,7 +1002,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters74a1cab76f5603c5e27101cb3809d8745c50f708b0f4b497ed0910eb533d437bS3VersionKeyF33C73AF" + "Ref": "AssetParameters884431e2bc651d2b61bd699a29dc9684b0f66911f06bd3ed0635f854bf18e147S3VersionKeyC76660C1" } ] } @@ -996,7 +1015,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters74a1cab76f5603c5e27101cb3809d8745c50f708b0f4b497ed0910eb533d437bS3VersionKeyF33C73AF" + "Ref": "AssetParameters884431e2bc651d2b61bd699a29dc9684b0f66911f06bd3ed0635f854bf18e147S3VersionKeyC76660C1" } ] } @@ -1087,39 +1106,20 @@ "DependsOn": [ "FunctionServiceRole675BB04A" ] - }, - "FunctionAllowEventRuleawscdkrdsinstanceInstanceAvailabilityCE39A6A71E819C19": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ - "Function76856677", - "Arn" - ] - }, - "Principal": "events.amazonaws.com", - "SourceArn": { - "Fn::GetAtt": [ - "InstanceAvailabilityAD5D452C", - "Arn" - ] - } - } } }, "Parameters": { - "AssetParameters74a1cab76f5603c5e27101cb3809d8745c50f708b0f4b497ed0910eb533d437bS3Bucket48EF98C9": { + "AssetParameters884431e2bc651d2b61bd699a29dc9684b0f66911f06bd3ed0635f854bf18e147S3BucketAE1150B3": { "Type": "String", - "Description": "S3 bucket for asset \"74a1cab76f5603c5e27101cb3809d8745c50f708b0f4b497ed0910eb533d437b\"" + "Description": "S3 bucket for asset \"884431e2bc651d2b61bd699a29dc9684b0f66911f06bd3ed0635f854bf18e147\"" }, - "AssetParameters74a1cab76f5603c5e27101cb3809d8745c50f708b0f4b497ed0910eb533d437bS3VersionKeyF33C73AF": { + "AssetParameters884431e2bc651d2b61bd699a29dc9684b0f66911f06bd3ed0635f854bf18e147S3VersionKeyC76660C1": { "Type": "String", - "Description": "S3 key for asset version \"74a1cab76f5603c5e27101cb3809d8745c50f708b0f4b497ed0910eb533d437b\"" + "Description": "S3 key for asset version \"884431e2bc651d2b61bd699a29dc9684b0f66911f06bd3ed0635f854bf18e147\"" }, - "AssetParameters74a1cab76f5603c5e27101cb3809d8745c50f708b0f4b497ed0910eb533d437bArtifactHash976CF1BD": { + "AssetParameters884431e2bc651d2b61bd699a29dc9684b0f66911f06bd3ed0635f854bf18e147ArtifactHash717FC602": { "Type": "String", - "Description": "Artifact hash for asset \"74a1cab76f5603c5e27101cb3809d8745c50f708b0f4b497ed0910eb533d437b\"" + "Description": "Artifact hash for asset \"884431e2bc651d2b61bd699a29dc9684b0f66911f06bd3ed0635f854bf18e147\"" } } } diff --git a/tools/cdk-integ-tools/bin/cdk-integ-assert.ts b/tools/cdk-integ-tools/bin/cdk-integ-assert.ts index 758a8288fb0d6..2fd262a933792 100644 --- a/tools/cdk-integ-tools/bin/cdk-integ-assert.ts +++ b/tools/cdk-integ-tools/bin/cdk-integ-assert.ts @@ -16,7 +16,7 @@ async function main() { process.stdout.write(`Verifying ${test.name} against ${test.expectedFileName} ... `); if (!test.hasExpected()) { - throw new Error(`No such file: ${test.expectedFileName}. Run 'npm run integ'.`); + throw new Error(`No such file: ${test.expectedFileName}. Run 'yarn integ'.`); } let expected = await test.readExpected(); @@ -40,7 +40,7 @@ async function main() { if (failures.length > 0) { // eslint-disable-next-line max-len - throw new Error(`Some stacks have changed. To verify that they still deploy successfully, run: 'npm run integ ${failures.join(' ')}'`); + throw new Error(`Some stacks have changed. To verify that they still deploy successfully, run: 'yarn integ ${failures.join(' ')}'`); } }